<?php
session_start();
include("load-settings.php");

if(!isset($_SESSION['user']))
	header("Location: login.php");

$user = mysql_real_escape_string($_SESSION['user']);
$result = mysql_query("SELECT * FROM user WHERE id = $user");
$row = mysql_fetch_array($result);

if($row['type'] != 2)
	header("Location: home.php");

$id = mysql_real_escape_string($_POST['id']);
$message = mysql_real_escape_string($_POST['message']);

mysql_query("UPDATE site_message SET message = '$message' WHERE id = $id") or die(mysql_error());

header("Location: admin-messages.php");

?>